A threat actor claims to have breached Teknobuilt, a technology company specializing in transforming the way energy, infrastructure, and construction projects are operated. The company is also a partner of Oracle. The incident, which reportedly occurred in October 2025, resulted in the theft and subsequent leak of the company’s proprietary source code.
According to the actor’s post on a dark web forum, the entire source code for the company’s projects has been compromised. A sample file tree provided by the actor reveals an extensive and complex repository. The allegedly compromised data includes:
- The complete application source code, including API endpoints, backend systems, and various modules.
- Internal Git repository data, which may reveal commit history, branch names such as ‘bugfix’, ‘feature’, and ‘hotfix’, and potentially developer aliases.
- Configurations for various database drivers, including MySQL, PostgreSQL, and SQLite.
- Third-party service integrations and vendor libraries for partners like AWS, Authorize.Net, Stripe, and numerous Omnipay payment gateways.
- Dozens of internal project and management modules for systems like Access Control, Cost Coding, Supply Chain Management (SCM), and Engineering Management.
